Table of Contents
I know people say a lot can happen in a year, but seriously, this much? As I sit here in 2025 and look at our customers, product, team, and the world around us, a year ago might as well be accompanied by a grayscale filter.
Basking in modern neon light, I’m pleased to continue this annual tradition of reflecting on Descope’s past 12 months of product innovation, customer trust, and industry validation.
Shipping at Mach speed
One of our guiding principles is to bring features to market with agility and simplicity while taking a long-term view on aspects like security, availability and resilience. In 2024, our team launched a host of capabilities to improve user experience, enhance developer experience, and help our customers deliver omnichannel journeys.
The best service is self-service
Users expect to perform a variety of user management actions on their own without talking to support or opening tickets. Tenant admins don’t want to spend weeks setting up SSO connections. And the mere thought of migrating hundreds of SSO connections is enough to kill any new CIAM project.
We launched multiple capabilities to help our customers delegate administrative tasks to end users and tenant admins (and in some cases, just magic away any work involved).
Descope Widgets are embeddable UI components that enable users to manage their own profiles, roles, access keys, and audits. These widgets are completely customizable in a drag & drop editor, including the ability to expose custom attributes in user profiles and align them to your brand guidelines.
Self-service SSO configuration lets B2B tenant admins set up SSO connections entirely on their own. No more handholding needed through IdP selection, group and attribute mapping, configuring SSO domains, or testing the connection. With wizards for SAML and OIDC and setup guides for 10 IdPs, self-service SSO configuration has won the hearts of many people like David Li from You.com who said:
"We love Descope SSO flows from a CX standpoint. A customer we onboarded just told us it was the fastest implementation ever. It usually takes weeks but we were done in 15 minutes— small talk included!"
Finally, with SSO migration, Descope can now seamlessly consume and migrate customers’ current SSO setups using DNS redirects. End users get a seamless pre- and post-migration login experience, and tenant admins get an outlandish amount of time back.
Happy devs = happy customers
We are building a platform where the developer experience should make it a no-brainer for any organization to use Descope rather than roll their own auth. Our workflow-based approach puts extra responsibility on us, however: to enable customers with the right templates and content, to continue streamlining the flow-building experience, and to ensure that our flows are always in lockstep with our customers’ SDLC.
We launched a comprehensive Flow Library with over 100 templates for different auth methods, MFA methods, unique flows like inviting users or impersonating them for troubleshooting scenarios, templates with popular third-party connectors, and more. These templates make it easier than ever to get started with Descope and have a baseline flow that customers can make into their own.
Subflows allows customers to abstract out a flow as a single building block and include it in another flow. For example, the reset password process (which is a flow in itself) can now be added as a step in your signup and login user journeys.
Descope may be a no / low code platform, but our customers’ authentication systems must fit seamlessly into CI / CD processes. We took huge strides in this direction with templates and providers for GitHub Actions, Terraform, and Pulumi, helping customers manage Descope projects and configuration – including AuthN, AuthZ, connectors, and attributes– by taking a code-first approach to automating environments.
JSON Web Tokens (JWTs) are a core building block of Descope’s services and many other services out there. With the launch of JWT Templates, customers can generate user / access key JWT templates from predefined Descope samples, create their own custom templates, and assign JWT template defaults for each Descope Project.
Always fight friction
We can keep chatting about robust, secure user journeys till the cowbells come home, but it matters for naught if end users feel unnecessarily encumbered at any stage of the journey. Our aim is to help organizations never settle for friction when there’s a better way.
The user journey begins before account creation. With our new way of handling anonymous users, customers can assign temporary JWTs to these users and “upgrade” them to a full user after authentication. This not only reduces user friction, but also improves visibility over the pre-auth customer journey and enables unauthenticated guest checkout.
Another way to convert anonymous users to signups is to provide active prompts that feel native to their app experience and don’t ask much of them to create the account. Enter Google One Tap, now easily embeddable into any app using Descope SDKs. With Flows, customers can also run post-authentication user journeys such as verifying additional auth factors, calling actions from third-party connectors, and collecting more user information after One Tap is complete.
Organizations wanting to move away from SMS OTP for authentication love nOTP (no-tee-pee), a new authentication method that logs users in via WhatsApp to provide a frictionless experience while greatly reducing SMS messaging costs. Apart from mobile app authentication, nOTP can also be implemented via a QR code and is a great option for smart device authentication.
The capabilities highlighted in this recap are the top of the tip of the iceberg, so be sure to follow our changelog or monthly LinkedIn newsletter for the rest!
Customer kaleidoscope
Our message when we launched from stealth two years ago was “drag & drop auth for any app”. We really followed through on the “any app” part of our vision in the past 12 months, and are proud to call organizations across sizes, industries, and use cases our customers. With hundreds organizations in production, tens of thousands of developers on the free tier, and millions of identities managed, Descope is trusted by everyone from pre-revenue startups to Fortune 500 enterprises.
Our G2 reviews continue to paint diverse pictures of customers using Descope for seamless B2C auth, flexible B2B SSO, secure customer MFA, unified federation across apps and IdPs, and secure machine-to-machine authentication.
Startups and scaleups
Our Hello World Startup Program cohort now consists of over 100 startups that use Descope to “descope” authentication and user management from their developers’ lives. We’ve also been cheering with pride from the sidelines as many startup customers have gone through heady growth spurts and become scaleups in front of our eyes.
Congratulations in no particular order (and certainly not exhaustive) to:
Zafran Security for launching from stealth with $30M for their threat exposure platform and quickly following it up with another $40M raise.
You.com (already a bonafide scaleup when they became a Descope customer) for raising a $50M Series B round for their AI search and productivity platform.
Nominal for raising a $9.2M seed round to build a modernized ERP platform.
Miggo Security for raising a $7.5M seed round to build the next generation of application detection and response software.
Delve for raising a $3.3M seed round for their AI platform making compliance and evidence collection effortless for risk teams.
Enterprise
One of our guiding principles is to always remember that every customer is different. This is never more true than when partnering with large enterprises. When dealing with hundreds of millions of users, tens of thousands of B2B customers, multiple IdPs, and complex architectures, a CIAM platform has to be flexible enough to adapt to each scenario rather than forcing the customers to adapt.
Some common use cases worth noting are:
Home-grown and legacy CIAM replacements
Engineering teams are increasingly making the decision to sunset home-grown auth systems or migrate off legacy providers, both stemming from similar reasons: to make engineering teams more productive and to modernize CIAM to keep up with user needs of today and tomorrow.
We helped GoFundMe migrate millions of users off their home-grown system in 4.5 months and reduce friction by supplementing passwords with multiple social login providers. CARS24 trusted us to power auth for six different applications when their legacy provider (Okta CIS) was proving rigid and unscalable.
360 customer view with federation
Large enterprises don’t just have their main customer app or web portal to worry about. They often have a cavalcade of external applications–from support portals and community forums to certification systems and LMS platforms–and need to navigate all the complexity that comes with them. This is where Descope’s Identity Federation Broker shines.
Databricks unifies login experiences across three hosted apps and three IdPs with Descope, reducing friction for customers and gaining full visibility over their customer journey across digital properties. Owens & Minor enables passwordless auth for external users and SSO for internal users across multiple apps, with both sets of users seamlessly being stored in different data stores.
MFA augmentation
We’re focused on building a platform that isn’t just “rip & replace or no thanks”, but rather helps customers where they are, even if it means being interoperable with their existing CIAM systems. Adding strong, flexible, risk-based MFA is one such use case.
Branch implemented passkeys with Descope by augmenting their Amazon Cognito implementation, reducing auth-related support tickets by 50% in the process. Navan added magic link MFA with Descope in four days with minimal configuration changes to their existing auth provider.
Industry validation
In addition to customer adoption, we were also thrilled to receive recognition from analysts and the industry at large. Being included in the Fortune Cyber 60, Rising in Cyber, and Cyber 150 lists alongside other disruptive companies remains a source of pride. Being named a SINET16 Innovator was arguably even better as we were chosen by an esteemed panel of 100+ security professionals.
Moving to the analyst world, we were delighted to receive the KuppingerCole Rising Star recognition in CIAM and Passwordless. Lead analyst Alejandro Leal said in the report:
“Descope stands out in the CIAM space for its speed of implementation and adaptability. Its microservices-based architecture minimizes operational costs while enabling custom deployments with full tenant segregation and robust security controls, addressing the needs of large enterprises and highly regulated industries.”
We were also thrilled to be named a Transformational Innovation Leader in Global CIAM by Frost & Sullivan. Analyst Deepali Sathe said in the report:
"Descope offers an extremely robust set of offerings. Its sophisticated and customizable visual workflows set it apart from most other CIAM providers. Customers can use these workflows to create user journeys that fit their strategy with a simple drag-and-drop that includes both backend and frontend design capabilities."
Back to work
If you’ve stuck around till now, thank you! I’ll leave you with a feeling of optimism and excitement for the future. There are entire new areas of the product being built that I haven’t mentioned here but am eager to share with you in the coming weeks and months. But those capabilities aren’t going to build themselves, and I’m late for our daily standup. Until next time!
